How Skype Skirts Firewalls
(old news - 10:46AM Saturday Dec 16 2006)
While creating hardware that will block Skype is a big business, the people in that business have admitted that it's not easy to do, and gets more difficult with each Skype release. While Skype is crafty at avoiding detection, it's also good at getting through firewalls, something explored in this Heise Security report (via Slashdot).


kyramilan

join:2006-11-26
Pensacola, FL

Hmmmm

I guess Skype, which was an idea for me, is not getting on my computers.

jgkolt
Premium
join:2004-02-21
Lakewood, OH
clubs:

Re: Hmmmm

Actually it is on my computer and works fairly well. I am very happy with the call quality and the price (free for now, and free PC to PC). This software has let numerous friends chat overseas with their families for free as well as them while they are overseas. The fact I didn't have problems with my firewall and the very low bandwidth used (especially the active compression on the call) makes it ideal.
--
1997 Honda Civic EX for sale
PM me

phxmark
What Country Are We Living In?

join:2000-12-27
Glendale, AZ

Re: Hmmmm

said by jgkolt:

Actually it is on my computer and works fairly well. I am very happy with the call quality and the price (free for now, and free PC to PC). This software has let numerous friends chat overseas with their families for free as well as them while they are overseas. The fact I didn't have problems with my firewall and the very low bandwidth used (especially the active compression on the call) makes it ideal.
I remember when DialPad first came out and it was all FREE. Then they started putting ads in when you called someone. Both parties had to listen to a 10 second ad before you could talk. Then they started charging for DialPad. I used DP a lot to call friends and family in other states. I thought it was supercool to be able to make free long distance phone calls. This of course was before my unlimited mobile phone service.
--
High speed is dangerous. Too many MP3s, not enough time.

shamrin

join:2001-01-08
India
clubs:
If you're worried about Skype, maybe it would be better not to turn your computer on at all.
--
I have no opinion, therefore I do not exist

Fatal Vector

join:2005-11-26

Re: Hmmmm

"If you're worried about Skype, maybe it would be better not to turn your computer on at all."

What you seem to fail to understand is that this behavior on the part of Skype is malware/exploit-like. It would probably be no great trick to modify the client to plant malware on your computer right through your firewall.

And don't think malware authors and scum won't try now that they have been given the idea.

peter_m
Premium
join:2005-07-13
Canada, QC


edit:
December 16th, @10:11PM

I disagree

said by Fatal Vector:

What you seem to fail to understand is that this behavior on the part of Skype is malware/exploit-like. It would probably be no great trick to modify the client to plant malware on your computer right through your firewall.
OK... But just because Skype is the first one to openly talk about it does not mean they are the first ones to do it... If Skype never even worked on the concept, it would only be a matter of time till someone else figured it out and exploited it. Who does it first is irrelevant.

The inability to prevent or detect such firewall circumvention is the problem. Don't blame cyber criminals for having a criminal mind. Focus on the real problem, the security holes we allow ourselves to live with.

shamrin

join:2001-01-08
India
clubs:

Re: Hmmmm

said by Fatal Vector:

"If you're worried about Skype, maybe it would be better not to turn your computer on at all."

What you seem to fail to understand is that this behavior on the part of Skype is malware/exploit-like. It would probably be no great trick to modify the client to plant malware on your computer right through your firewall.

And don't think malware authors and scum won't try now that they have been given the idea.
Look, I have a program from PC Magazine called "shred", it deletes files on my computer so that they are unrecoverable. Now, one could say that this deleting behaviour is exactly the same thing that a virus would do, that doesn't make shred a virus or malware in any way. Analogies are always dangerous but the point here is that Skype is doing exactly what the user wants it to do, it gets around problems that would cause it not to work properly.

I'm as paranoid as anyone (more than most to the continuing embarrassment of my wife whenever we go to dinner parties) and as such I have learned that it's important to direct your paranoia properly with a degree of logic. Saying that Skype exhibits behaviour similar to what malware might do therefore it is malware or "scary scary scary" is just fallacious. Now, let's talk about Microsoft's "Background Intelligent Transfer Service" there's something to be worried about!
--
I have no opinion, therefore I do not exist

Michieru
zzz zzz zzz
Premium
join:2005-01-28
Miami, FL
·Speakeasy

.

I am not surprised, after all some ISPs don't want you calling through VOIP. From what I heard they are doing it in Europe and other countries in Asia as well.

Skype wants people across the globe to use their services, and by that, this is their way of fighting back at those who choose to block them. It's not just to make it easy to set up and run without having to be some firewall whiz, it's also about bypassing access.

TK Junk Mail
Go ahead, make my day
Premium
join:2002-03-03
Margate City, NJ
clubs:
·Comcast

Re: .

said by Michieru:

It's not just to make it easy to set up and run without having to be some firewall whiz, it's also about bypassing access.
And if you are running a business, you don't want your employees bypassing firewalls, for security reasons, and other reasons too. Later, we will read where Skype wonders why the business world shuns their product. Well, this is why - encouraging users to bypass legitimate firewalls.
--
--
My BLOG
My Web Page

kyramilan

join:2006-11-26
Pensacola, FL
·Verizon Online DSL
·1and1
·Cox HSI

Re: .

said by TK Junk Mail:

said by Michieru:

It's not just to make it easy to set up and run without having to be some firewall whiz, it's also about bypassing access.
And if you are running a business, you don't want your employees bypassing firewalls, for security reasons, and other reasons too. Later, we will read where Skype wonders why the business world shuns their product. Well, this is why - encouraging users to bypass legitimate firewalls.
Our company is putting in a policy on Jan. 1st that if you use Skype, look for another job. They don't care about using email, MySpace, or even IMs but Skype (they don't allow any VOIP), porn and P2P (Torrents) will get you fired.
matrix3D

join:2006-09-27
Deep River, CT


edit:
December 16th, @02:48PM

Re: .

That leads me to believe your company monitors its employees' phone calls, which may or may not be legal. I mean look at the list of stuff you say they "allow" and stuff they don't. Porn and P2P is a quite obvious no-no at work, but MySpace? IM? All the stuff that's easy to monitor they allow.

Fatal Vector

join:2005-11-26

Re: .

"That leads me to believe your company monitors its employees phone calls, which may or may not be legal"

It's well established: It's their phone system and if they choose to monitor you, tough nuts. Why do you think that you get that warning about your calls may be monitored for "training purposes" whenever you call a major corporation? Why do you think CS reps just sit and spout the corporate line? Because they are being monitored and they know it. All your employer has to do is let it be known they are monitoring you, just like they do on the computer that THEY own, on the network THEY own.

Bottom line is that if you want privacy, use your own cellphone or computer, not the company's.
karlmarx

join:2006-09-18
Nashua, NH
·Fairpoint Communic..

Re: .

"It's their phone system and if they choose to monitor you, tough nuts"

And people wonder why everyone hates the megacorps. It's because of attitudes like that, attitudes that treat employees as disposable workers. That's the major problem of all the neo-con capitalists. They've all lost their humanity. I work for a smaller company, that DOESN'T monitor its employees. We can shop, do banking, etc, all in work time. What matters to the company is that WE DO OUR JOBS. We are measured based on results, not on if there's a warm body sitting at a desk. I allow my staff absolute freedom to do what they want to do. All I ask is that they complete their tasks in a timely manner.
--
Stick it to the MAN. Support your local torrent sites. Proudly providing 10mb of upstream for all your TV, Movie, and MP3 needs.

72276539
Premium
join:2001-01-19
Atlanta, GA

Re: .

said by karlmarx:

"It's their phone system and if they choose to monitor you, tough nuts"

And people wonder why everyone hates the megacorps. It's because of attitudes like that, attitudes that treat employees as disposable workers. That's the major problem of all the neo-con capitalists. They've all lost their humanity. I work for a smaller company, that DOESN'T monitor its employees. We can shop, do banking, etc, all in work time. What matters to the company is that WE DO OUR JOBS. We are measured based on results, not on if there's a warm body sitting at a desk. I allow my staff absolute freedom to do what they want to do. All I ask is that they complete their tasks in a timely manner.
And without the neo-con capitalists you crap on how good would the business world be? While you are trying to make this political let me ask you this, is it just neo-con capitalists in charge of corporations? What about neo-libs in charge of corporations? Or are all the neo-libs just poor black men from the south who have nothing at all and live paycheck to paycheck? I'll answer that one for you, NOT. If you don't like the idea of your phone being monitored don't work for that company. But of course you won't do that. It's way too easy to whine from behind a keyboard than it is to actually change what you don't like in your life. You whine about neo-caps but you'll take their money any day, damned hypocrite.
--
RIP Dimebag- August 20, 1966 to December 8th, 2004.

kyramilan

join:2006-11-26
Pensacola, FL
·Verizon Online DSL
·1and1
·Cox HSI

said by matrix3D:

That leads me to believe your company monitors its employees' phone calls, which may or may not be legal. I mean look at the list of stuff you say they "allow" and stuff they don't. Porn and P2P is a quite obvious no-no at work, but MySpace? IM? All the stuff that's easy to monitor they allow.
Companies can monitor any employee's phone calls. Actually, our company encourages employees, since we all work 10-12 hours a day/5 days a week, to play a video game, log into MySpace, chat over IM, watch YouTube, etc. to relieve stress. We don't monitor phone calls either. We do see if people are making LD calls (but with everyone walking around with a cellphone no problems). Employees are trusted so never seen a problem personally.

vatorman

@cbs.com

Re: Skype firewall bypass

Your company is myopic; this is 2006!

I have used Skype since "Day One"... I love its audio quality. Get Real!

systemsadmin

@bellsouth.net

Well, if you have a competent administrator in charge of the systems in a business environment, it is easier to rely on other means of preventing Skype from getting on the network in the first place or dealing with it once it's there so one doesn't have to rely on the firewall alone for protection.

Michieru
zzz zzz zzz
Premium
join:2005-01-28
Miami, FL
To add to your post.

Another good reason why to use SIP over Skype.

sackem for using

@sbcglobal.net

Sack 'em!

You will see more and more organizations that will have immediate termination clauses in employment contracts for using Skype on their corporate networks. I know we are considering it. Enforcement is not as hard as some might think.
When you have big clients who made you sign huge non-disclosure and data protection clauses in their contract, sacking someone for Skype is a cheap solution (when compared to possible leak of data and loss of business).

BTW, you can lock down systems all you want, when you have an office full of developers, there is always a way for them to make it work. So termination on the spot is the best solution.
AirGig

join:1999-11-21
New York, NY

Re: Sack 'em!

Wow, are your fellow employees' talents that generic and disposable!!? If they are, as your willingness to fire them indicates, what exactly is the uniqueness and value add that your company provides that someone else couldn't, it seems, so easily duplicate and put you out of a job?

Every business has particular needs specific to their size, operations and budget. An IT department's sole purpose is to find a way to implement money saving or revenue enhancing technologies. Smaller companies, without the means to implement and manage their own VOIP system, have rightfully recognized the many efficiency and economic benefits of using Skype to foster their communications, particularly internationally.

IT personnel, in companies of all sizes, should be asking themselves why aren't I implementing Skype or a similar technology! (Skype provides a huge headstart because it has matured into a "platform" for which many independent developers are writing add-ons that further expand Skype's functionality and wide span of features.)

Skype uses a technique to support its communication through firewalls. So what! (and thankfully, because who wants to maintain rules for VOIP - PITA!). Where is it definitively proven that it creates an exploitable, not just theoretical, vulnerability?

Meanwhile, Skype users enjoy the FREE use, savings, efficiencies, productivity gains and collaboration benefits, and be sure to check out all the other unique and innovative Skype Add-Ons for even more enhancement!

I have no ties, except as a user, to Skype or Yahoo.

kyramilan

join:2006-11-26
Pensacola, FL
·Verizon Online DSL
·1and1
·Cox HSI

Re: Sack 'em!

said by AirGig:

Smaller companies, without the means to implement and manage their own VOIP system, have rightfully recognized the many efficiency and economic benefits of using Skype to foster their communications, particularly internationally.
I find small "businesses" that rely on Vonage, Sunrocket, Packet 8, any Net VOIP etc. for their communications to be quite humorous. That is like running a million dollar company on a Website hosted on a $10 a month plan. In fact, after hanging up, I usually laugh at them. It is funny they will pay us a fortune for our services but don't want real phone service. And, they boast about it: "I've got 3 VOIP providers," one said, "Just in case one goes down." ROFLMAO!
stufried
Premium
join:2003-10-13
I have a zero tolerance for people who support zero tolerance policies.
hack4fun
pchelpers . lefora . com
Premium
join:2006-08-28
Taylors, SC

said by sackem for using:

You will see more and more organizations that will have immediate termination clauses in employment contracts for using Skype on their corporate networks. I know we are considering it. Enforcement is not as hard as some might think.
When you have big clients who made you sign huge non-disclosure and data protection clauses in their contract, sacking someone for Skype is a cheap solution (when compared to possible leak of data and loss of business).

BTW, you can lock down systems all you want, when you have an office full of developers, there is always a way for them to make it work. So termination on the spot is the best solution.
Hello, they could just as easily pick up a phone, save notes to a thumb drive, send an encrypted email, etc. Skype unfortunately is becoming the scapegoat for unreliable workers who are morons!
claudeo

join:2000-02-23
Redmond, WA

If you tell your employees that you don't trust them -- or you treat them that way in a more or less covert way that will inevitably be exposed -- , you get back exactly what you deserve. In any case say goodbye to innovation, creativity, commitment or genuine customer service, the *only* things that can save US jobs -- including your own -- in the face of offshore competition.

shamrin

join:2001-01-08
India
clubs:
You're just making that up.

Irenic

join:2000-05-02
Montreal, QC


edit:
December 16th, @09:17PM

Skype rocks!

Skype has many uses and is very popular because unlike SIP-based software or Netmeeting or whatever it just works.

It's up to employers and employees to determine what may or may not be done on the job. Banning Skype outside private businesses by ISPs is done for two reasons:

1) Fear of losing revenue.
2) Fear of being unable to suppress free communication.

Skype does a wonderful job and one can hardly fault it because some people don't like the freedom it gives us to communicate cheaply and effectively.

Fatal Vector

join:2005-11-26

Re: Skype rocks!



Yes, and the freedom it will give malware to screw us up in the future. You CAN fault it because people have firewalls up for a reason and things that you put on your computer are not supposed to just bypass it on a whim or with a sneak trick. Sneak behavior is, quite simply, Malware/virus/exploit behavior.

Let's see what you all have to say further down the line when this behavior is being used for malware. Then you won't be so complacent.
yzor
Premium
join:2003-01-03
Jacksonville, FL

Re: Skype rocks!

Can you not block all outgoing UDP packets and stop Skype?

Fatal Vector

join:2005-11-26

Re: Skype rocks!

"can you not block all out going UDP packets and stop Skype?"

Yes, you can (usually, in a decent firewall. Thing is you have to modify the rules to do it). But Joe and Jane box of rocks doesn't know that. They are more likely to click on an OK box than anything else.
karlmarx

join:2006-09-18
Nashua, NH
·Fairpoint Communic..

Re: Skype rocks!

No, you CAN'T block all UDP packets. That would 'break the internet'. What Skype is doing is perfectly fine. The firewall is acting EXACTLY AS IT SHOULD. If I open an outbound UDP connection, then I MUST be able to get traffic BACK. The programmers at Skype realize that, and use it correctly.

Hint: You CAN'T SEND MALWARE over UDP. Period. UDP does NOT GUARANTEE DELIVERY, so you can't send traffic to cause a buffer overflow.
--
Stick it to the MAN. Support your local torrent sites. Proudly providing 10mb of upstream for all your TV, Movie, and MP3 needs.
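
A toy model of the stateful UDP filtering argued about in the posts above, showing when an inbound datagram is admitted and what an outbound UDP allowlist changes. This is an added example, not part of any post in the thread; the addresses, ports, 30-second idle timeout and the strict address-and-port matching are assumptions.

```python
# Added example: toy stateful UDP filter. All addresses, ports and the
# 30-second idle timeout are constructed for illustration.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class StatefulUdpFilter:
    inside: str                                   # protected network, CIDR
    egress_allow: Optional[Set[Endpoint]] = None  # None = any outbound UDP allowed
    idle_timeout: float = 30.0                    # seconds a flow entry survives
    flows: Dict[Tuple[Endpoint, Endpoint], float] = field(default_factory=dict)

    def _is_inside(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.inside)

    def handle(self, src: Endpoint, dst: Endpoint, now: float) -> str:
        # Drop flow entries that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if self._is_inside(src[0]):
            # Outbound: the egress policy is the only control point.
            if self.egress_allow is not None and dst not in self.egress_allow:
                return "DROP egress-policy"
            self.flows[(src, dst)] = now          # remember inside -> outside pair
            return "PASS outbound"
        # Inbound: admitted only as the mirror image of a live outbound flow.
        if (dst, src) in self.flows:
            self.flows[(dst, src)] = now
            return "PASS established"
        return "DROP unsolicited"


HOST = ("10.0.0.5", 5000)          # inside workstation (constructed)
PEER = ("203.0.113.7", 40000)      # outside peer (constructed)
OTHER = ("198.51.100.9", 40000)    # unrelated outside host (constructed)
RESOLVER = ("192.0.2.53", 53)      # the one UDP destination policy allows


def run_scenario(fw: StatefulUdpFilter) -> list:
    """Replay the same five datagrams through a filter and collect verdicts."""
    return [
        fw.handle(PEER, HOST, now=0),     # peer speaks first
        fw.handle(HOST, PEER, now=1),     # inside host sends outbound
        fw.handle(PEER, HOST, now=2),     # peer's datagram after the outbound one
        fw.handle(OTHER, HOST, now=3),    # different outside host, same inside port
        fw.handle(PEER, HOST, now=100),   # peer again, after the entry went idle
    ]


def compare_policies() -> dict:
    permissive = StatefulUdpFilter(inside="10.0.0.0/24")
    restricted = StatefulUdpFilter(inside="10.0.0.0/24", egress_allow={RESOLVER})
    return {"permissive": run_scenario(permissive),
            "restricted": run_scenario(restricted)}


if __name__ == "__main__":
    for name, verdicts in compare_policies().items():
        print(name, verdicts)
```

With the permissive policy only the third datagram gets in, and only while the flow entry is live; with the outbound allowlist no flow entry is ever created for the peer, so every inbound datagram is dropped.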

Michieru
zzz zzz zzz
Premium
join:2005-01-28
Miami, FL

edit:
December 16th, @09:02PM

Re: Skype rocks!

"No, you CAN'T block all udp packets."

Yes you can. All incoming at least to my knowledge.

Fatal Vector

join:2005-11-26

Re: Skype rocks!



I can block all UDP if I like with my firewall. But then, not all firewalls are equal and mine is an older one not targeted by malware. Just goes to show that just because it's new doesn't always mean better.
stufried
Premium
join:2003-10-13
The UAE has successfully blocked Skype so obviously it can be done.

John T

@northgrum.com

Of course, there's always

3) Fear of using a closed-source, non-open standard product which turns nodes into supernodes (without saying so) and has essentially no security (Skype keeps all keys, the clients implicitly trust anything over the Skype protocol.)

There are lots of scary things about Skype from a security perspective.
claudeo

join:2000-02-23
Redmond, WA

Re: Skype rocks!

said by John T:

Of course, there's always

3) Fear of using a closed-source, non-open standard product which turns nodes into supernodes (without saying so) and has essentially no security (Skype keeps all keys, the clients implicitly trust anything over the Skype protocol.)

There are lots of scary things about Skype from a security perspective.
Compared to, er, Microsoft WGA?

jgkolt
Premium
join:2004-02-21
Lakewood, OH
clubs:

firing

Shouldn't you hire people who are self motivated and don't need to be watched over like a little kid to see if they are running Skype? The fact that the address book is peer to peer hurts them on a firewall perspective but besides that I think Skype is a great product that should be encouraged.

robertfl
Premium
join:2005-10-10
Mary Esther, FL
·Cox VOIP
·Cox HSI

Skype..

A lot of the average users don't know how to open up firewall ports (which is a good thing) so having programmes like skype is a good thing but remember, bad things can happen, too.

Rob
--
Looking for something different to listen to? »www.rfdradio.info is your answer!

Dude111
An Awesome Dude
Premium
join:2003-08-04
USA

 

Skype has become OVER BLOATED GARBAGE!!

Version 2.0.0.73 is over 19M when installed on my computer....... All I want is the Skype - Skype chat, none of that other crap.........